diff options
| author | Armin Kuster <akuster@mvista.com> | 2015-10-29 16:22:41 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-12-08 13:27:27 +0000 |
| commit | 7e9516cb0e2660c0fc4347628ebd11ae6321cad0 (patch) | |
| tree | f4bd7b2955ee3220bae66e233e144128f31479bd | |
| parent | dc6630b44b8edc5a925e6738aabfab804c4fb1fe (diff) | |
| download | ast2050-yocto-poky-7e9516cb0e2660c0fc4347628ebd11ae6321cad0.zip ast2050-yocto-poky-7e9516cb0e2660c0fc4347628ebd11ae6321cad0.tar.gz | |
libxslt: CVE-2015-7995
This is a is being give a High rating so please consider it for
all 1.1.28 versions.
A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.
(From OE-Core rev: 2ad0b4dd7262c251f991bbf7826580d89bd6e73a)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch | 33 | ||||
| -rw-r--r-- | meta/recipes-support/libxslt/libxslt_1.1.28.bb | 3 |
2 files changed, 35 insertions, 1 deletions
diff --git a/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch new file mode 100644 index 0000000..e4d09c2 --- /dev/null +++ b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch @@ -0,0 +1,33 @@ +From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Thu, 29 Oct 2015 19:33:23 +0800 +Subject: Fix for type confusion in preprocessing attributes + +CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10 +We need to check that the parent node is an element before dereferencing +its namespace + +Upstream-Status: Backport + +https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + libxslt/preproc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: libxslt-1.1.28/libxslt/preproc.c +=================================================================== +--- libxslt-1.1.28.orig/libxslt/preproc.c ++++ libxslt-1.1.28/libxslt/preproc.c +@@ -2245,7 +2245,8 @@ xsltStylePreCompute(xsltStylesheetPtr st + } else if (IS_XSLT_NAME(inst, "attribute")) { + xmlNodePtr parent = inst->parent; + +- if ((parent == NULL) || (parent->ns == NULL) || ++ if ((parent == NULL) || ++ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) || + ((parent->ns != inst->ns) && + (!xmlStrEqual(parent->ns->href, inst->ns->href))) || + (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) { diff --git a/meta/recipes-support/libxslt/libxslt_1.1.28.bb b/meta/recipes-support/libxslt/libxslt_1.1.28.bb index ded883e..e7f8bb6 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.28.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.28.bb @@ -10,7 +10,8 @@ DEPENDS = "libxml2" SRC_URI = "ftp://xmlsoft.org/libxslt//libxslt-${PV}.tar.gz \ file://pkgconfig_fix.patch \ - file://pkgconfig.patch" + file://pkgconfig.patch \ + file://CVE-2015-7995.patch" SRC_URI[md5sum] = "9667bf6f9310b957254fdcf6596600b7" SRC_URI[sha256sum] = "5fc7151a57b89c03d7b825df5a0fae0a8d5f05674c0e7cf2937ecec4d54a028c" |
